<?php
/**
* copyright : (C) 2001-2019 Advanced Internet Designs Inc.
* email : forum@prohost.org
* $Id$
*
* This program is free software; you can redistribute it and/or modify it
* under the terms of the GNU General Public License as published by the
* Free Software Foundation; version 2 of the License.
**/
if (function_exists('mb_internal_encoding')) {
mb_internal_encoding('utf-8');
}
require('./GLOBALS.php');
/* Activation check. */
if (!($FUD_OPT_1 & 1)) { // FORUM_ENABLED
fud_use('errmsg.inc');
exit_forum_disabled();
}
# define('fud_query_stats', 1);
class db { public static $db, $slave; }
if (empty(db::$db)) {
// Use MYSQLI_REPORT_OFF so we can check error codes manually.
$driver = new mysqli_driver();
$driver->report_mode = MYSQLI_REPORT_OFF;
if (substr($GLOBALS['DBHOST'], 0, 1) == ':') { // Socket connection.
$socket = substr($GLOBALS['DBHOST'], 1);
$GLOBALS['DBHOST'] = 'localhost';
} else {
$socket = NULL;
}
if ($GLOBALS['FUD_OPT_1'] & 256 && $socket == NULL && version_compare(PHP_VERSION, '5.3.0', '>=')) { // Enable pconnect for PHP 5.3+.
$GLOBALS['DBHOST'] = 'p:'. $GLOBALS['DBHOST'];
}
db::$db = new mysqli($GLOBALS['DBHOST'], $GLOBALS['DBHOST_USER'], $GLOBALS['DBHOST_PASSWORD'], $GLOBALS['DBHOST_DBNAME'], NULL, $socket);
if (mysqli_connect_errno()) {
fud_sql_error_handler('Failed to establish database connection', 'MySQLi says: '. mysqli_connect_error(), mysqli_connect_errno(), '');
}
db::$db->set_charset('utf8');
/* Connect to slave, if specified. */
if (!empty($GLOBALS['DBHOST_SLAVE_HOST']) && !$GLOBALS['is_post']) {
db::$slave = new mysqli($GLOBALS['DBHOST'], $GLOBALS['DBHOST_USER'], $GLOBALS['DBHOST_PASSWORD'], $GLOBALS['DBHOST_DBNAME'], NULL, $socket);
if (mysqli_connect_errno()) {
fud_logerror('Unable to init SlaveDB, fallback to MasterDB: '. mysqli_connect_error(), 'sql_errors');
} else {
db::$db->set_charset('utf8');
}
}
define('__dbtype__', 'mysql');
}
function db_close()
{
db::$db->close();
}
function db_version()
{
if (!defined('__FUD_SQL_VERSION__')) {
$ver = q_singleval('SELECT VERSION()');
define('__FUD_SQL_VERSION__', $ver);
}
return __FUD_SQL_VERSION__;
}
function db_lock($tables)
{
if (!empty($GLOBALS['__DB_INC_INTERNALS__']['db_locked'])) {
fud_sql_error_handler('Recursive Lock', 'internal', 'internal', db_version());
} else {
q('LOCK TABLES '. $tables);
$GLOBALS['__DB_INC_INTERNALS__']['db_locked'] = 1;
}
}
function db_unlock()
{
if (empty($GLOBALS['__DB_INC_INTERNALS__']['db_locked'])) {
unset($GLOBALS['__DB_INC_INTERNALS__']['db_locked']);
fud_sql_error_handler('DB_UNLOCK: no previous lock established', 'internal', 'internal', db_version());
}
if (--$GLOBALS['__DB_INC_INTERNALS__']['db_locked'] < 0) {
unset($GLOBALS['__DB_INC_INTERNALS__']['db_locked']);
fud_sql_error_handler('DB_UNLOCK: unlock overcalled', 'internal', 'internal', db_version());
}
unset($GLOBALS['__DB_INC_INTERNALS__']['db_locked']);
q('UNLOCK TABLES');
}
function db_locked()
{
return isset($GLOBALS['__DB_INC_INTERNALS__']['db_locked']);
}
function db_affected()
{
return db::$db->affected_rows;
}
function uq($query)
{
return q($query);
}
if (!defined('fud_query_stats')) {
function q($query)
{
// Assume master DB, route SELECT's to slave DB.
// Force master if DB is locked (in transaction) or 'SELECT /* USE MASTER */'.
$db = db::$db;
if (!empty(db::$slave) && !db_locked() && !strncasecmp($query, 'SELECT', 6) && strncasecmp($query, 'SELECT /* USE MASTER */', 23)) {
$db = db::$slave;
}
$r = $db->query($query);
if ($db->error) {
fud_sql_error_handler($query, $db->error, $db->errno, db_version());
}
return $r;
}
} else {
function q($query)
{
if (!isset($GLOBALS['__DB_INC_INTERNALS__']['query_count'])) {
$GLOBALS['__DB_INC_INTERNALS__']['query_count'] = 1;
} else {
++$GLOBALS['__DB_INC_INTERNALS__']['query_count'];
}
if (!isset($GLOBALS['__DB_INC_INTERNALS__']['total_sql_time'])) {
$GLOBALS['__DB_INC_INTERNALS__']['total_sql_time'] = 0;
}
// Assume master DB, route SELECT's to slave DB.
// Force master if DB is locked (in transaction) or 'SELECT /* USE MASTER */'.
$db = db::$db;
if (!empty(db::$slave) && !db_locked() && !strncasecmp($query, 'SELECT', 6) && strncasecmp($query, 'SELECT /* USE MASTER */', 23)) {
$db = db::$slave;
}
$s = microtime(true);
$result = $db->query($query);
if ($db->error) {
fud_sql_error_handler($query, $db->error, $db->errno, db_version());
}
$e = microtime(true);
$GLOBALS['__DB_INC_INTERNALS__']['last_time'] = ($e - $s);
$GLOBALS['__DB_INC_INTERNALS__']['total_sql_time'] += $GLOBALS['__DB_INC_INTERNALS__']['last_time'];
echo '<hr><b>Query #'. $GLOBALS['__DB_INC_INTERNALS__']['query_count'] .'</b><small>';
echo ': time taken: <i>'. number_format($GLOBALS['__DB_INC_INTERNALS__']['last_time'], 4) .'</i>';
echo ', affected rows: <i>'. db_affected() .'</i>';
echo ', total sql time: <i>'. number_format($GLOBALS['__DB_INC_INTERNALS__']['total_sql_time'], 4) .'</i>';
echo '<pre>'. preg_replace('!\s+!', ' ', htmlspecialchars($query)) .'</pre></small>';
return $result;
}
}
function db_rowobj($result)
{
return $result->fetch_object();
}
function db_rowarr($result)
{
return $result->fetch_row();
}
function q_singleval($query)
{
$r = q($query);
if (($result = $r->fetch_row()) !== false && isset($result)) {
return isset($result) ? $result[0] : '';
}
}
function q_limit($query, $limit, $off=0)
{
return $query .' LIMIT '. $limit .' OFFSET '. $off;
}
function q_concat($arg)
{
// MySQL badly breaks the SQL standard by redefining || to mean OR.
$tmp = func_get_args();
return 'CONCAT('. implode(',', $tmp) .')';
}
function q_rownum() {
q('SET @seq=0'); // For simulating rownum.
return '(@seq:=@seq+1)';
}
function q_bitand($fieldLeft, $fieldRight) {
return $fieldLeft .' & '. $fieldRight;
}
function q_bitor($fieldLeft, $fieldRight) {
return '('. $fieldLeft .' | '. $fieldRight .')';
}
function q_bitnot($bitField) {
return '~'. $bitField;
}
function db_saq($q)
{
$r = q($q);
return $r->fetch_row() ;
}
function db_sab($q)
{
$r = q($q);
return $r->fetch_object();
}
function db_qid($q)
{
q($q);
return db::$db->insert_id;
}
function db_arr_assoc($q)
{
$r = q($q);
return $r->fetch_array(MYSQLI_ASSOC);
}
function db_fetch_array($r)
{
return is_object($r) ? $r->fetch_array(MYSQLI_ASSOC) : null;
}
function db_li($q, &$ef, $li=0)
{
$r = db::$db->query($q);
if ($r) {
return ($li ? db::$db->insert_id : $r);
}
/* Duplicate key. */
if (db::$db->errno == 1062) {
$ef = ltrim(strrchr(db::$db->error, ' '));
return null;
} else {
fud_sql_error_handler($q, db::$db->error, db::$db->errno, db_version());
}
}
function ins_m($tbl, $flds, $types, $vals)
{
q('INSERT IGNORE INTO '. $tbl .' ('. $flds .') VALUES ('. implode('),(', $vals) .')');
}
function db_all($q)
{
$f = array();
$c = uq($q);
while ($r = $c->fetch_row()) {
$f[] = $r[0];
}
return $f;
}
function _esc($s)
{
return '\''. db::$db->real_escape_string($s ?? '') .'\'';
}function ses_make_sysid()
{
if ($GLOBALS['FUD_OPT_2'] & 256) { // MULTI_HOST_LOGIN
return;
}
$keys = array('REMOTE_USER', 'HTTP_USER_AGENT', 'SERVER_PROTOCOL', 'HTTP_ACCEPT_CHARSET', 'HTTP_ACCEPT_LANGUAGE');
if ($GLOBALS['FUD_OPT_3'] & 16) { // SESSION_IP_CHECK
$keys[] = 'HTTP_X_FORWARDED_FOR';
$keys[] = 'REMOTE_ADDR';
}
$pfx = '';
foreach ($keys as $v) {
if (isset($_SERVER[$v])) {
$pfx .= $_SERVER[$v];
}
}
return md5($pfx);
}
function ses_get($id=0)
{
if (!$id) {
/* Cookie or URL session? If not, check for known bots. */
if (!empty($_COOKIE[$GLOBALS['COOKIE_NAME']])) {
/* Have cookie */
$q_opt = 's.ses_id='. _esc($_COOKIE[$GLOBALS['COOKIE_NAME']]);
} else if ((isset($_GET['S']) || isset($_POST['S'])) && $GLOBALS['FUD_OPT_1'] & 128) {
/* Have session string */
$url_session = 1;
$q_opt = 's.ses_id='. _esc((isset($_GET['S']) ? (string) $_GET['S'] : (string) $_POST['S']));
/* Do not validate against expired URL sessions. */
$q_opt .= ' AND s.time_sec > '. (__request_timestamp__ - $GLOBALS['SESSION_TIMEOUT']);
} else {
/* Unknown user, maybe bot? */
// Auto login authorized bots.
// To test: wget --user-agent="Googlebot 1.2" http://127.0.0.1:8080/forum
$spider_session = 0;
$my_ip = get_ip();
include $GLOBALS['FORUM_SETTINGS_PATH'] .'spider_cache';
foreach ($spider_cache as $spider_id => $spider) {
if (preg_match('/'. $spider['useragent'] .'/i', $_SERVER['HTTP_USER_AGENT'])) {
if (empty($spider['bot_ip'])) {
$spider_session = 1; // Agent matched, no IPs to check.
break;
} else {
foreach (explode(',', $spider['bot_ip']) as $bot_ip) {
if (!($bot_ip = trim($bot_ip))) {
continue;
}
if (strpos($bot_ip, $my_ip) === 0) {
$spider_session = 1; // Agent and an IP matched.
break;
}
}
}
}
}
if ($spider_session) {
if ($spider['bot_opts'] & 2) { // Access blocked.
die('Go away!');
}
if ($id = db_li('INSERT INTO fud30_ses (ses_id, time_sec, sys_id, ip_addr, useragent, user_id) VALUES (\''. $spider['botname'] .'\', '. __request_timestamp__ .', '. _esc(ses_make_sysid()) .', '. _esc($my_ip) .', '. _esc(substr($_SERVER['HTTP_USER_AGENT'], 0, 64)) .', '. $spider['user_id'] .')', $ef, 1)) {
$q_opt = 's.id='. $id;
} else {
$q_opt = 's.ses_id='. _esc($spider['botname']);
}
$GLOBALS['FUD_OPT_1'] ^= 128; // Disable URL sessions for user.
} else {
/* NeXuS: What is this? Return if user unknown? Function should
return only after the query is run. */
//return;
// Check sys_id, ip_addr and useragent for a possible match
$q_opt = 's.sys_id= '._esc(ses_make_sysid()).
' AND s.ip_addr='._esc(get_ip()).
' AND s.useragent='._esc(substr($_SERVER['HTTP_USER_AGENT'], 0, 64));
}
}
/* ENABLE_REFERRER_CHECK */
if ($GLOBALS['FUD_OPT_3'] & 4 && isset($_SERVER['HTTP_REFERER']) && strncmp($_SERVER['HTTP_REFERER'], $GLOBALS['WWW_ROOT'], strlen($GLOBALS['WWW_ROOT']))) {
/* More checks, we need those because some proxies mangle referer field. */
$host = isset($_SERVER['HTTP_HOST']) ? $_SERVER['HTTP_HOST'] : $_SERVER['SERVER_NAME'];
/* $p > 8 https:// or http:// */
if (($p = strpos($_SERVER['HTTP_REFERER'], $host)) === false || $p > 8) {
$q_opt .= ' AND s.user_id > 2000000000 '; // Different referrer, force anonymous.
}
}
} else {
$q_opt = 's.id='. $id;
}
$u = db_sab('SELECT
s.id AS sid, s.ses_id, s.data, s.returnto, s.sys_id,
t.id AS theme_id, t.lang, t.name AS theme_name, t.locale, t.theme, t.pspell_lang, t.theme_opt,
u.alias, u.posts_ppg, u.time_zone, u.sig, u.last_visit, u.last_read, u.cat_collapse_status, u.users_opt, u.posted_msg_count, u.topics_per_page,
u.ignore_list, u.ignore_list, u.buddy_list, u.id, u.group_leader_list, u.email, u.login, u.sq, u.ban_expiry, u.ban_reason, u.flag_cc
FROM fud30_ses s
INNER JOIN fud30_users u ON u.id=(CASE WHEN s.user_id>2000000000 THEN 1 ELSE s.user_id END)
LEFT OUTER JOIN fud30_themes t ON t.id=u.theme
WHERE '. $q_opt);
/* Anon user, no session or login. */
if (!$u || $u->id == 1 || $id) {
return $u;
}
if ($u->sys_id == ses_make_sysid()) {
return $u;
} else if ($GLOBALS['FUD_OPT_3'] & 16 || isset($url_session)) {
/* URL sessions must validate sys_id check and SESSION_IP_CHECK must be disabled */
return;
}
/* Try doing a strict SQ match in last-ditch effort to make things 'work'. */
if (isset($_POST['SQ']) && $_POST['SQ'] == $u->sq) {
return $u;
}
return;
}
/** Create an anonymous session. */
function ses_anon_make()
{
// Prevent forum scraping and brute force attacks.
if ($GLOBALS['MAX_CALLS_FROM_IP'] > 0) {
$ip_count = q_singleval('SELECT count(ip_addr) FROM fud30_ses WHERE ip_addr = '. _esc(get_ip()));
if ($ip_count > $GLOBALS['MAX_CALLS_FROM_IP']) {
header('HTTP/1.1 429 Too Many Requests', true, 429);
echo 'Too Many Requests';
die();
}
}
do {
$uid = 2000000000 + mt_rand(1, 147483647);
$ses_id = md5($uid . __request_timestamp__ . getmypid());
} while (!($id = db_li('INSERT INTO fud30_ses (ses_id, time_sec, sys_id, ip_addr, useragent, user_id) VALUES (\''. $ses_id .'\', '. __request_timestamp__ .', '. _esc(ses_make_sysid()) .', '. _esc(get_ip()) .', '. _esc(substr($_SERVER['HTTP_USER_AGENT'], 0, 64)) .', '. $uid .')', $ef, 1)));
/* When we have an anon user, we set a special cookie allowing us to see who referred this user. */
if (isset($_GET['rid']) && !isset($_COOKIE['frm_referer_id']) && $GLOBALS['FUD_OPT_2'] & 8192) {
setcookie($GLOBALS['COOKIE_NAME'] .'_referer_id', $_GET['rid'], __request_timestamp__+31536000, $GLOBALS['COOKIE_PATH'], $GLOBALS['COOKIE_DOMAIN']);
}
if ($GLOBALS['FUD_OPT_3'] & 1) { // SESSION_COOKIES
setcookie($GLOBALS['COOKIE_NAME'], $ses_id, 0, $GLOBALS['COOKIE_PATH'], $GLOBALS['COOKIE_DOMAIN']);
} else {
setcookie($GLOBALS['COOKIE_NAME'], $ses_id, __request_timestamp__+$GLOBALS['COOKIE_TIMEOUT'], $GLOBALS['COOKIE_PATH'], $GLOBALS['COOKIE_DOMAIN']);
}
return ses_get($id);
}
/** Update session status to indicate last known action. */
function ses_update_status($ses_id, $action=null, $forum_id=0, $ret='')
{
if (empty($ses_id)) {
die('FATAL ERROR: No session, check your forum\'s URL and COOKIE settings.');
}
if (strlen($_SERVER['QUERY_STRING']) > 255) {
// Query string exceeds 'returnto' column length.
die('FATAL ERROR: QUERY_STRING too long!');
}
$sys_id = ses_make_sysid();
q('UPDATE fud30_ses SET sys_id=\''. $sys_id .'\', forum_id='. $forum_id .', time_sec='. __request_timestamp__ .', action='. ($action ? _esc($action) : 'NULL') .', returnto='. (!is_int($ret) ? (isset($_SERVER['QUERY_STRING']) ? _esc($_SERVER['QUERY_STRING']) : 'NULL') : 'returnto') .' WHERE id='. $ses_id);
}
/** Save or clear a session variable. */
function ses_putvar($ses_id, $data)
{
$cond = is_int($ses_id) ? 'id='. (int)$ses_id : 'ses_id=\''. $ses_id .'\'';
if (empty($data)) {
q('UPDATE fud30_ses SET data=NULL WHERE '. $cond);
} else {
q('UPDATE fud30_ses SET data='. _esc(serialize($data)) .' WHERE '. $cond);
}
}
/** Destroy a session. */
function ses_delete($ses_id)
{
// Delete all forum sessions.
// Regardless of MULTI_HOST_LOGIN, all sessions will be terminated.
q('DELETE FROM fud30_ses WHERE id='. $ses_id);
setcookie($GLOBALS['COOKIE_NAME'], '', __request_timestamp__-100000, $GLOBALS['COOKIE_PATH'], $GLOBALS['COOKIE_DOMAIN']);
return 1;
}
function ses_anonuser_auth($id, $error)
{
if (!empty($_POST)) {
$_SERVER['QUERY_STRING'] = '';
}
q('UPDATE fud30_ses SET data='. _esc(serialize($error)) .', returnto='. ssn($_SERVER['QUERY_STRING']) .' WHERE id='. $id);
if ($GLOBALS['FUD_OPT_2'] & 32768) { // USE_PATH_INFO
header('Location: [[relativeurl]]/index.php/l/'. _rsidl);
} else {
header('Location: [[relativeurl]]/index.php?t=login&'. _rsidl);
}
exit;
}function &init_user()
{
$o1 =& $GLOBALS['FUD_OPT_1'];
$o2 =& $GLOBALS['FUD_OPT_2'];
$o3 =& $GLOBALS['FUD_OPT_3'];
$o4 =& $GLOBALS['FUD_OPT_4'];
if ($o2 & 32768 && empty($_SERVER['PATH_INFO']) && !empty($_SERVER['ORIG_PATH_INFO'])) {
$_SERVER['PATH_INFO'] = $_SERVER['ORIG_PATH_INFO'];
}
/* We need to parse S & rid right away since they are used during user init. */
if ($o2 & 32768 && !empty($_SERVER['PATH_INFO']) && empty($_GET['t'])) { // USE_PATH_INFO
$pb = $p = explode('/', trim($_SERVER['PATH_INFO'], '/'));
if ($o1 & 128) { // SESSION_USE_URL
$_GET['S'] = array_pop($p);
}
if ($o2 & 8192) { // TRACK_REFERRALS
$_GET['rid'] = array_pop($p);
}
$_SERVER['QUERY_STRING'] = htmlspecialchars($_SERVER['PATH_INFO']) .'?'. $_SERVER['QUERY_STRING'];
/* Default to index or blog page. */
if (!isset($p[0])) {
if ($o4 & 16 && $o4 & 32) { // Blog enabled and set as home page.
$p[0] = 'blog';
} else {
$p[0] = 'i';
}
}
/* Notice prevention code. */
for ($i = 1; $i < 5; $i++) {
if (!isset($p[$i])) {
$p[$i] = null;
}
}
switch ($p[0]) {
case 'm': /* goto specific message */
$_GET['t'] = 0;
$_GET['goto'] = $p[1];
if (isset($p[2])) {
$_GET['th'] = $p[2];
if (isset($p[3]) && is_numeric($p[3])) {
$_GET['start'] = $p[3];
if ($p[3]) {
$_GET['t'] = 'msg';
unset($_GET['goto']);
}
if (isset($p[4])) {
if ($p[4] === 'prevloaded') {
$_GET['prevloaded'] = 1;
$i = 5;
} else {
$i = 4;
}
if (isset($p[$i])) {
$_GET['rev'] = $p[$i];
if (isset($p[$i+1])) {
$_GET['reveal'] = $p[$i+1];
}
}
}
}
}
break;
case 't': /* view thread */
$_GET['t'] = 0;
$_GET['th'] = $p[1];
if (isset($p[2]) && is_numeric($p[2])) {
// START is not currently used for thread paging.
// Set to 0, but keep code for possible future implementation.
// $_GET['start'] = $p[2];
$_GET['start'] = 0;
if (!empty($p[3])) {
$_GET[$p[3]] = 1;
}
}
break;
case 'f': /* view forum */
$_GET['t'] = 1;
$_GET['frm_id'] = $p[1];
if (isset($p[2])) {
$_GET['start'] = $p[2];
if (isset($p[3])) {
if ($p[3] === '0') {
$_GET['sub'] = 1;
} else {
$_GET['unsub'] = 1;
}
}
}
break;
case 'r':
$_GET['t'] = 'post';
$_GET[$p[1]] = $p[2];
if (isset($p[3])) {
$_GET['reply_to'] = $p[3];
if (isset($p[4])) {
if ($p[4]) {
$_GET['quote'] = 'true';
}
if (isset($p[5])) {
$_GET['start'] = $p[5];
}
}
}
break;
case 'u': /* view user's info */
$_GET['t'] = 'usrinfo';
$_GET['id'] = $p[1];
break;
case 'i':
$_GET['t'] = 'index';
if (isset($p[1])) {
$_GET['cat'] = (int) $p[1];
}
break;
case 'fa':
$_GET['t'] = 'getfile';
$_GET['id'] = isset($p[1]) ? $p[1] : $pb[1];
if (!empty($p[2])) {
$_GET['private'] = 1;
}
break;
case 'sp': /* show posts */
$_GET['t'] = 'showposts';
$_GET['id'] = $p[1];
if (isset($p[2])) {
$_GET['so'] = $p[2];
if (isset($p[3])) {
$_GET['start'] = $p[3];
}
}
break;
case 'l': /* login/logout */
$_GET['t'] = 'login';
if (isset($p[1])) {
$_GET['logout'] = 1;
}
break;
case 'e':
$_GET['t'] = 'error';
break;
case 'st':
$_GET['t'] = $p[1];
$_GET['th'] = $p[2];
$_GET['notify'] = $p[3];
$_GET['opt'] = $p[4] ? 'on' : 'off';
if (isset($p[5])) {
$_GET['start'] = $p[5];
}
break;
case 'sf':
$_GET['t'] = $p[1];
$_GET['frm_id'] = $p[2];
$_GET[$p[3]] = 1;
$_GET['start'] = $p[4];
break;
case 'sl': /* subscribed topic list */
$_GET['t'] = 'subscribed';
if ($p[1] == 'start') {
$_GET['start'] = $p[2];
} else {
if (isset($p[2])) {
$_GET['th'] = $p[2];
} else if (isset($p[1])) {
$_GET['frm_id'] = $p[1];
}
}
break;
case 'bml': /* bookmark list */
$_GET['t'] = 'bookmarked';
if ($p[1] == 'start') {
$_GET['start'] = $p[2];
} else {
if (isset($p[2])) {
$_GET['th'] = $p[2];
}
}
break;
case 'pmm':
$_GET['t'] = 'ppost';
if (isset($p[1], $p[2])) {
$_GET[$p[1]] = $p[2];
if (isset($p[3])) {
$_GET['rmid'] = $p[3];
}
}
break;
case 'pmv':
$_GET['t'] = 'pmsg_view';
$_GET['id'] = $p[1];
if (isset($p[2])) {
$_GET['dr'] = 1;
}
break;
case 'pdm':
$_GET['t'] = 'pmsg';
if (isset($p[1])) {
if ($p[1] !== 'btn_delete') {
$_GET['folder_id'] = $p[1];
} else {
$_GET['btn_delete'] = 1;
$_GET['sel'] = $p[2];
}
if (isset($p[3])) {
$_GET['s'] = $p[3];
$_GET['o'] = $p[4];
$_GET['start'] = $p[5];
}
}
break;
case 'pl': /* poll list */
$_GET['t'] = 'polllist';
if (isset($p[1])) {
$_GET['uid'] = $p[1];
if (isset($p[2])) {
$_GET['start'] = $p[2];
if (isset($p[3])) {
$_GET['oby'] = $p[3];
}
}
}
break;
case 'ml': /* member list */
$_GET['t'] = 'finduser';
if (isset($p[1])) {
switch ($p[1]) {
case 1: case 2: $_GET['pc'] = $p[1]; break;
case 3: case 4: $_GET['us'] = $p[1]; break;
case 5: case 6: $_GET['rd'] = $p[1]; break;
case 7: case 8: $_GET['fl'] = $p[1]; break;
case 9: case 10: $_GET['lv'] = $p[1]; break;
}
if (isset($p[2])) {
$_GET['start'] = $p[2];
if (isset($p[3])) {
$_GET['usr_login'] = urldecode($p[3]);
if (isset($p[4])) {
$_GET['js_redr'] = $p[5];
}
}
}
}
break;
case 'h': /* help */
$_GET['t'] = 'help_index';
if (isset($p[1])) {
$_GET['section'] = $p[1];
}
break;
case 'cv': /* change thread view mode */
$_GET['t'] = $p[1];
$_GET['frm_id'] = $p[2];
break;
case 'mv': /* change message view mode */
$_GET['t'] = $p[1];
$_GET['th'] = $p[2];
if (isset($p[3])) {
if ($p[3] !== '0') {
$_GET['goto'] = $p[3];
} else {
$_GET['prevloaded'] = 1;
$_GET['start'] = $p[4];
if (isset($p[5])) {
$_GET['rev'] = $p[5];
if (isset($p[6])) {
$_GET['reveal'] = $p[6];
}
}
}
}
break;
case 'pv':
$_GET['t'] = 0;
if (isset($p[1])) {
$_GET['goto'] = q_singleval('SELECT id FROM fud30_msg WHERE poll_id='.(int)$p[1]);
$_GET['pl_view'] = empty($p[2]) ? 0 : (int)$p[2];
}
break;
case 'rm': /* report message */
$_GET['t'] = 'report';
$_GET['msg_id'] = $p[1];
break;
case 'rl': /* list of reported messages */
$_GET['t'] = 'reported';
if (isset($p[1])) {
$_GET['del'] = $p[1];
}
break;
case 'd': /* delete thread/message */
$_GET['t'] = 'mmod';
$_GET['del'] = $p[1];
if (isset($p[2])) {
$_GET['th'] = $p[2];
}
break;
case 'em': /* email forum member */
$_GET['t'] = 'email';
$_GET['toi'] = $p[1];
break;
case 'mar': /* mark all/forum read */
$_GET['t'] = 'markread';
if (isset($p[1])) {
$_GET['id'] = $p[1];
if (isset($p[2])) {
$_GET['cat'] = $p[2];
}
}
break;
case 'bl': /* buddy list */
$_GET['t'] = 'buddy_list';
if (isset($p[1])) {
if (!empty($p[2])) {
$_GET['add'] = $p[1];
} else {
$_GET['del'] = $p[1];
}
if (isset($p[3])) {
$_GET['redr'] = 1;
}
}
break;
case 'il': /* ignore list */
$_GET['t'] = 'ignore_list';
if (isset($p[1])) {
if (!empty($p[2])) {
$_GET['add'] = $p[1];
} else {
$_GET['del'] = $p[1];
}
if (isset($p[3])) {
$_GET['redr'] = 1;
}
}
break;
case 'lk': /* lock/unlock thread */
$_GET['t'] = 'mmod';
$_GET['th'] = $p[1];
$_GET[$p[2]] = 1;
break;
case 'stt': /* split thread */
$_GET['t'] = 'split_th';
if (isset($p[1])) {
$_GET['th'] = $p[1];
}
break;
case 'ef': /* email to friend */
$_GET['t'] = 'remail';
$_GET['th'] = $p[1];
break;
case 'lr': /* list referers */
$_GET['t'] = 'list_referers';
if (isset($p[1])) {
$_GET['start'] = $p[1];
}
break;
case 'a':
$_GET['t'] = 'actions';
if (isset($p[1], $p[2])) {
$_GET['o'] = $p[1];
$_GET['s'] = $p[2];
}
break;
case 's':
$_GET['t'] = 'search';
if (isset($p[1])) {
$_GET['srch'] = urldecode($p[1]);
$_GET['field'] = isset($p[2]) ? $p[2] : '';
$_GET['search_logic'] = isset($p[3]) ? $p[3] : '';
$_GET['sort_order'] = isset($p[4]) ? $p[4] : '';
$_GET['forum_limiter'] = isset($p[5]) ? $p[5] : '';
$_GET['start'] = isset($p[6]) ? $p[6] : '';
$_GET['author'] = isset($p[7]) ? $p[7] : '';
}
break;
case 'p':
if (!is_numeric($p[1])) {
$_GET[$p[1]] = $p[2];
} else {
$_GET['frm'] = $p[1];
$_GET['page'] = $p[2];
}
break;
case 'ot':
$_GET['t'] = 'online_today';
if (isset($p[1], $p[2])) {
$_GET['o'] = $p[1];
$_GET['s'] = $p[2];
}
break;
case 're':
$_GET['t'] = 'register';
if (isset($p[1])) {
$_GET['reg_coppa'] = $p[1];
}
break;
case 'tt':
$_GET['t'] = $p[1];
$_GET['frm_id'] = $p[2];
break;
case 'mh':
$_GET['t'] = 'mvthread';
$_GET['th'] = $p[1];
if (isset($p[2], $p[3])) {
$_GET[$p[2]] = $p[3];
}
break;
case 'mn':
$_GET['t'] = $p[1];
$_GET['th'] = $p[2];
$_GET['notify'] = $p[3];
$_GET['opt'] = $p[4];
if (isset($p[5])) {
if ($p[1] == 'msg') {
$_GET['start'] = $p[5];
} else {
$_GET['mid'] = $p[5];
}
}
break;
case 'bm': /* bookmark/unbookmark a topic */
$_GET['t'] = $p[1];
$_GET['th'] = $p[2];
$_GET['bookmark'] = $p[3];
$_GET['opt'] = $p[4];
if (isset($p[5])) {
if ($p[1] == 'msg') {
$_GET['start'] = $p[5];
} else {
$_GET['mid'] = $p[5];
}
}
break;
case 'tr':
$_GET['t'] = 'ratethread';
break;
case 'gm':
$_GET['t'] = 'groupmgr';
if (isset($p[1], $p[2], $p[3])) {
$_GET[$p[1]] = $p[2];
$_GET['group_id'] = $p[3];
}
break;
case 'te':
$_GET['t'] = 'thr_exch';
if (isset($p[1], $p[2])) {
$_GET[$p[1]] = $p[2];
}
break;
case 'mq':
$_GET['t'] = 'modque';
if (isset($p[1], $p[2])) {
$_GET[$p[1]] = $p[2];
}
break;
case 'pr':
$_GET['t'] = 'pre_reg';
$_GET['coppa'] = $p[1];
break;
case 'qb':
$_GET['t'] = 'qbud';
break;
case 'po':
$_GET['t'] = 'poll';
$_GET['frm_id'] = $p[1];
if (isset($p[2])) {
$_GET['pl_id'] = $p[2];
if (isset($p[3], $p[4])) {
$_GET[$p[3]] = $p[4];
}
}
break;
case 'sm':
$_GET['t'] = 'smladd';
break;
case 'mk':
$_GET['t'] = 'mklist';
$_GET['tp'] = $p[1];
break;
case 'rp':
$_GET['t'] = 'rpasswd';
break;
case 'as':
$_GET['t'] = 'avatarsel';
break;
case 'sel':
$_GET['t'] = 'selmsg';
$c = count($p) - 1;
if ($c % 2) {
--$c;
}
$c /= 2;
$i = 0;
while ($c--) {
$_GET[$p[++$i]] = $p[++$i];
}
break;
case 'pml':
$_GET['t'] = 'pmuserloc';
$_GET['js_redr'] = $p[1];
if (isset($p[2])) {
$_GET['overwrite'] = 1;
}
break;
case 'rst':
$_GET['t'] = 'reset';
if (isset($p[1])) {
$_GET['email'] = urldecode($p[1]);
}
break;
case 'cpf':
$_GET['t'] = 'coppa_fax';
break;
case 'cp':
$_GET['t'] = 'coppa';
break;
case 'rc':
$_GET['t'] = 'reg_conf';
break;
case 'ma':
$_GET['t'] = 'mnav';
if (isset($p[1])) {
$_GET['rng'] = isset($p[1]) ? $p[1] : 0;
$_GET['rng2'] = isset($p[2]) ? $p[2] : 0;
$_GET['u'] = isset($p[3]) ? $p[3] : 0;
$_GET['start'] = isset($p[4]) ? $p[4] : 0;
$_GET['sub'] = !empty($p[5]);
}
break;
case 'ip':
$_GET['t'] = 'ip';
if (isset($p[1])) {
$_GET[($p[1][0] == 'i' ? 'ip' : 'user')] = isset($p[2]) ? $p[2] : '';
}
break;
case 'met':
$_GET['t'] = 'merge_th';
if (isset($p[1])) {
$_GET['frm_id'] = $p[1];
}
break;
case 'uc':
$_GET['t'] = 'uc';
if (isset($p[1], $p[2])) {
$_GET[$p[1]] = $p[2];
}
break;
case 'mmd':
$_GET['t'] = 'mmd';
break;
case 'cal': /* Calendar */
$_GET['t'] = 'calendar';
break;
case 'blog': /* Blog */
$_GET['t'] = 'blog';
if ($p[1] == 'u' && isset($p[2])) {
$_GET['user'] = $p[2];
$_GET['start'] = isset($p[3]) ? $p[3] : 0;
}
if ($p[1] == 'f' && isset($p[2])) {
$_GET['forum'] = $p[2];
$_GET['start'] = isset($p[3]) ? $p[3] : 0;
} else {
$_GET['start'] = $p[1];
}
break;
case 'page': /* Static page */
$_GET['t'] = 'page';
if (isset($p[1])) {
$_GET['id'] = $p[1];
}
break;
default:
// Page not specified, redirect to front page.
$_GET['t'] = 'index';
break;
}
$GLOBALS['t'] = $_GET['t'];
} else if (isset($_GET['t'])) {
$GLOBALS['t'] = (string) $_GET['t'];
} else if (isset($_POST['t'])) {
$GLOBALS['t'] = (string) $_POST['t'];
} else {
if ($o4 & 16 && $o4 & 32) { // Blog enabled and set as home page.
$GLOBALS['t'] = 'blog';
} else {
$GLOBALS['t'] = 'index';
}
}
if ($GLOBALS['t'] == 'register') {
$GLOBALS['THREADS_PER_PAGE_F'] = $GLOBALS['THREADS_PER_PAGE']; // Store old value.
}
header('P3P: CP="ALL CUR OUR IND UNI ONL INT CNT STA"'); /* P3P Policy. */
$sq = 0;
/* Fetch an object with the user's session, profile & theme info. */
if (!($u = ses_get()) && defined('plugins')) {
/* Call auto-login plugins. */
$u = plugin_call_hook('AUTO_LOGIN');
}
if (!$u) {
/* New anon user. */
$u = ses_anon_make();
// Log POST reuests for Anon users.
if (defined('fud_logging') || $GLOBALS['is_post'] ) {
fud_logerror($_SERVER['REQUEST_URI'] .': '. print_r($_POST, true), 'post.log');
}
} else if ($u->id != 1 && (!$GLOBALS['is_post'] || sq_check(1, $u->sq, $u->id, $u->ses_id))) {
/* Store the last visit date for registered user. */
q('UPDATE fud30_users SET last_visit='. __request_timestamp__ .' WHERE id='. $u->id);
if ($GLOBALS['FUD_OPT_3'] & 1) { // SESSION_COOKIES
setcookie($GLOBALS['COOKIE_NAME'], $u->ses_id, 0, $GLOBALS['COOKIE_PATH'], $GLOBALS['COOKIE_DOMAIN']);
}
if (!$u->sq || __request_timestamp__ - $u->last_visit > 180) { // 3 min.
$u->sq = $sq = regen_sq($u->id);
if (!$GLOBALS['is_post']) {
$_GET['SQ'] = $sq;
} else {
$_POST['SQ'] = $sq;
}
} else {
$sq =& $u->sq;
}
}
// Prevent spiders from doing funny stuff.
if (($u->users_opt & 1073741824) && $GLOBALS['is_post']) { // is_spider
die('Bad bot!');
}
/* Disable caching for registered users and POST requests. */
if ($GLOBALS['is_post'] || $u->id > 1) {
header('Cache-Control: no-store, private, must-revalidate, proxy-revalidate, post-check=0, pre-check=0, max-age=0, s-maxage=0');
header('Expires: Mon, 21 Jan 1980 06:01:01 GMT');
header('Pragma: no-cache');
}
if ($u->data) {
$u->data = unserialize($u->data);
}
$uo = $u->users_opt = (int)$u->users_opt;
/* This should allow path_info & normal themes to work properly within 1 forum. */
if ($o2 & 32768 && !($u->theme_opt & 4)) {
$o2 ^= 32768;
}
/* Handle PM disabling for users. */
if (!($GLOBALS['is_a'] = $uo & 1048576) && $uo & 33554432) {
$o1 = $o1 &~ 1024;
}
/* Set timezone. */
if (empty($u->time_zone) || @date_default_timezone_set($u->time_zone) === FALSE) {
date_default_timezone_set($GLOBALS['SERVER_TZ']);
}
/* Set locale. */
$GLOBALS['good_locale'] = setlocale(LC_ALL, $u->locale);
/* Call inituser plugins. */
if (defined('plugins')) {
plugin_call_hook('INITUSER', $u);
}
/* View format for threads & messages. */
define('d_thread_view', $uo & 256 ? 'msg' : 'tree');
define('t_thread_view', $uo & 128 ? 'thread' : 'threadt');
if ($GLOBALS['t'] === 0) {
$GLOBALS['t'] = $_GET['t'] = d_thread_view;
} else if ($GLOBALS['t'] === 1) {
$GLOBALS['t'] = $_GET['t'] = t_thread_view;
}
/* Define theme path, may already be set by a plugin. */
defined('fud_theme') or define('fud_theme', 'theme/'. ($u->theme_name ? $u->theme_name : 'default') .'/');
/* Define _uid, which, will tell us if this is a 'real' user or not. */
define('__fud_real_user__', ($u->id != 1 ? $u->id : 0));
define('_uid', __fud_real_user__ && ($uo & 131072) && !($uo & 2097152) ? $u->id : 0);
/* Allow user to set their own topics per page value, as long as it is smaller then the max. */
if (__fud_real_user__ && $GLOBALS['THREADS_PER_PAGE'] > $u->topics_per_page) {
$GLOBALS['THREADS_PER_PAGE'] = (int) $u->topics_per_page;
}
$GLOBALS['sq'] = $sq;
/* Define constants used to track URL sessions & referrals. */
if ($o1 & 128) {
define('s', $u->ses_id); define('_hs', '<input type="hidden" name="S" value="'. s .'" /><input type="hidden" name="SQ" value="'. $sq .'" />');
if ($o2 & 8192) {
if ($o2 & 32768) {
define('_rsid', __fud_real_user__ .'/'. s .'/');
} else {
define('_rsid', 'rid='. __fud_real_user__ .'&S='. s);
}
} else {
if ($o2 & 32768) {
define('_rsid', s .'/');
} else {
define('_rsid', 'S='. s);
}
}
} else {
define('s', ''); define('_hs', '<input type="hidden" name="SQ" value="'. $sq .'" />');
if ($o2 & 8192) {
if ($o2 & 32768) {
define('_rsid', __fud_real_user__ .'/');
} else {
define('_rsid', 'rid='. __fud_real_user__);
}
} else {
define('_rsid', '');
}
}
define('_rsidl', ($o2 & 32768 ? _rsid : str_replace('&', '&', _rsid)));
return $u;
}
function user_register_forum_view($frm_id)
{
if (__dbtype__ == 'mysql') { // MySQL optimization.
q('INSERT INTO fud30_forum_read (forum_id, user_id, last_view) VALUES ('. $frm_id .', '. _uid .', '. __request_timestamp__ .') ON DUPLICATE KEY UPDATE last_view=VALUES(last_view)');
return;
}
if (!db_li('INSERT INTO fud30_forum_read (forum_id, user_id, last_view) VALUES ('. $frm_id .', '. _uid .', '. __request_timestamp__ .')', $ef)) {
q('UPDATE fud30_forum_read SET last_view='. __request_timestamp__ .' WHERE forum_id='. $frm_id .' AND user_id='. _uid);
}
}
function user_register_thread_view($thread_id, $tm=__request_timestamp__, $msg_id=0)
{
if (__dbtype__ == 'mysql') { // MySQL optimization.
q('INSERT INTO fud30_read (last_view, msg_id, thread_id, user_id) VALUES('. $tm .', '. $msg_id .', '. $thread_id .', '. _uid .') ON DUPLICATE KEY UPDATE last_view=VALUES(last_view), msg_id=VALUES(msg_id)');
return;
}
if (!db_li('INSERT INTO fud30_read (last_view, msg_id, thread_id, user_id) VALUES('. $tm .', '. $msg_id .', '. $thread_id .', '. _uid .')', $ef)) {
q('UPDATE fud30_read SET last_view='. $tm .', msg_id='. $msg_id .' WHERE thread_id='. $thread_id .' AND user_id='. _uid);
}
}
function user_set_post_count($uid)
{
$pd = db_saq('SELECT MAX(id), count(*) FROM fud30_msg WHERE poster_id='. $uid .' AND apr=1');
$level_id = (int) q_singleval(q_limit('SELECT id FROM fud30_level WHERE post_count <= '. $pd[1] .' ORDER BY post_count DESC', 1));
q('UPDATE fud30_users SET u_last_post_id='. (int)$pd[0] .', posted_msg_count='. (int)$pd[1] .', level_id='. $level_id .' WHERE id='. $uid);
}
function user_mark_all_read($id)
{
q('UPDATE fud30_users SET last_read='. __request_timestamp__ .' WHERE id='. $id);
q('DELETE FROM fud30_read WHERE user_id='. $id);
q('DELETE FROM fud30_forum_read WHERE user_id='. $id);
}
function user_mark_forum_read($id, $fid, $last_view)
{
if (__dbtype__ == 'mysql') { // MySQL optimization.
q('INSERT INTO fud30_read (user_id, thread_id, msg_id, last_view) SELECT '. $id .', id, last_post_id, '. __request_timestamp__ .' FROM fud30_thread WHERE forum_id='. $fid .' AND last_post_date > '. $last_view .' ON DUPLICATE KEY UPDATE last_view=VALUES(last_view), msg_id=VALUES(msg_id)');
} else if (__dbtype__ == 'sqlite') { // SQLite optimization.
q('REPLACE INTO fud30_read (user_id, thread_id, msg_id, last_view) SELECT '. $id .', id, last_post_id, '. __request_timestamp__ .' FROM fud30_thread WHERE forum_id='. $fid .' AND last_post_date > '. $last_view);
} else { // Other databases.
if (!db_li('INSERT INTO fud30_read (user_id, thread_id, msg_id, last_view) SELECT '. $id .', id, last_post_id, '. __request_timestamp__ .' FROM fud30_thread WHERE forum_id='. $fid .' AND last_post_date > '. $last_view, $ef)) {
q('UPDATE fud30_read SET user_id='. $id .', msg_id=t.last_post_id, last_view='. __request_timestamp__ .' FROM (SELECT id, last_post_id FROM fud30_thread WHERE forum_id='. $fid .' AND last_post_date > '. $last_view .') t WHERE user_id='. $id .' AND thread_id=t.id');
}
}
user_register_forum_view($fid);
}
function sq_check($post, &$sq, $uid=__fud_real_user__, $ses=s)
{
/* No sequence # check for anonymous users. */
if (!$uid) {
return 1;
}
if ($post && isset($_POST['SQ'])) {
$s = $_POST['SQ'];
} else if (!$post && isset($_GET['SQ'])) {
$s = $_GET['SQ'];
} else {
$s = 0;
}
if ($sq !== $s) {
if ($GLOBALS['t'] == 'post' || $GLOBALS['t'] == 'ppost') {
define('fud_bad_sq', 1);
$sq = regen_sq($uid);
return 1;
}
header('Location: [[relativeurl]]/index.php?S='. $ses);
exit;
}
return 1;
}
function regen_sq($uid=__fud_real_user__)
{
$sq = md5(get_random_value(128));
q('UPDATE fud30_users SET sq=\''. $sq .'\' WHERE id='. $uid);
return $sq;
}
// Initialize user session.
if (isset($_SERVER['REMOTE_ADDR']) && !defined('no_session')) {
$GLOBALS['usr'] = init_user();
}
fud_use('err.inc');
/* BUST_A_PUNK enabled. */
if ($FUD_OPT_2 & 524288 && isset($_COOKIE[$COOKIE_NAME .'1']) && $t != 'error') {
fud_use('errmsg.inc');
exit_user_banned();
}
/* Check PHP_COMPRESSION_ENABLE. */
if ($FUD_OPT_2 & 16384 && $t != 'getfile') {
ini_set('zlib.output_compression_level', (int)$PHP_COMPRESSION_LEVEL);
ob_start('ob_gzhandler');
}
if ($t == 'rview') {
if (isset($_GET['th']) || isset($_GET['goto'])) {
$t = $_GET['t'] = d_thread_view;
} else if (isset($_GET['frm_id'])) {
$t = $_GET['t'] = t_thread_view;
} else {
$t = $_GET['t'] = 'index';
}
} else if (preg_match('/[^a-z_]/', $t) || !@file_exists($WWW_ROOT_DISK . fud_theme . $t .'.php')) {
// Page not found, redirect to front page.
http_response_code(404);
$t = 'index';
}
/* Call themed template. */
if (defined('plugins')) {
$t = plugin_call_hook('PRE_TEMPLATE', $t);
if (isset($plugin_hooks['POST_TEMPLATE'])) {
ob_start(); // Start capturing output for POST_TEMPLATE plugins.
}
}
require($WWW_ROOT_DISK . fud_theme .'language.inc'); // Initialize theme's language helper functions.
require($WWW_ROOT_DISK . fud_theme . $t .'.php');
if (defined('plugins') && isset($plugin_hooks['POST_TEMPLATE'])) {
$template_data = ob_get_contents();
ob_end_clean();
echo plugin_call_hook('POST_TEMPLATE', $template_data);
}
/* Housekeeping. */
while (ob_get_level() > 0) ob_end_flush(); // Flush all output to browser.
switch ($t) {
case 'msg':
if (!isset($_GET['prevloaded'])) {
th_inc_view_count($frm->id);
}
if (_uid && $obj2) {
if ($frm->last_forum_view < $obj2->post_stamp) {
user_register_forum_view($frm->forum_id);
}
if ($frm->last_view < $obj2->post_stamp) {
user_register_thread_view($frm->id, $obj2->post_stamp, $obj2->id);
}
}
break;
case 'tree':
if (_uid && $msg_obj) {
th_inc_view_count($msg_obj->thread_id);
if ($frm->last_forum_view < $msg_obj->post_stamp) {
user_register_forum_view($msg_obj->forum_id);
}
if ($frm->last_view < $msg_obj->post_stamp) {
user_register_thread_view($msg_obj->thread_id, $msg_obj->post_stamp, $msg_obj->id);
}
}
break;
case 'login':
/* Clear expired sessions AND anonymous sessions older than 1 day. */
q('DELETE FROM fud30_ses WHERE time_sec<'. (__request_timestamp__- ($FUD_OPT_3 & 1 ? $SESSION_TIMEOUT : $COOKIE_TIMEOUT)) .' OR (user_id>2000000000 AND time_sec<'. (__request_timestamp__- 86400) .')');
break;
case 'thread':
case 'threadt':
if (_uid) {
user_register_forum_view($frm_id);
}
break;
}
?>